You’ve likely already heard that it’s a good idea not to install packages from third-party websites onto your Android phone. If you’ve ever wondered why people say that, here’s a good reason: there are reports of cybercriminals using the ToxicPanda malware to drain people’s bank accounts through infected apps.
ToxicPanda Is Infecting Android Devices Through Malicious Sideloaded Apps
As spotted by Android Headlines, the ToxicPanda malware is stealing people’s money via banking apps. The malware doesn’t infect any apps on the Google Play Store, because the platform’s security measures, such as Play Protect, keep malicious apps out. Instead, bad actors create fake versions of real apps and then upload them onto third-party websites for people to sideload. The criminal is hoping that people don’t realize the dangers of sideloading apps and let their guard down.
Once ToxicPanda is on someone’s device, it will track what the victim does when they use a banking app. Once it has enough information to compromise the target’s account, the app will begin performing payments into the criminal’s bank account. In the ToxicPanda report published by Cleafy, the researchers discovered that the malware was capable of transferring up to €10,000 (around $10,750).

The best way to avoid a ToxicPanda infection is to never sideload apps on your Android phone. Always install them via Google Play, which has far more security measures in place to keep your data safe. It’s also a good idea to add extra security measures to your bank account; for example, two-factor authentication can help stop a hacker in their tracks even if they learn your banking username and password.
